Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/29/2018
11:15 AM
50%
50%

Equifax Software Manager Charged with Insider Trading

Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.

Fallout from the epic Equifax data breach just keeps coming: A second employee of the credit-monitoring firm has been charged with insider trading in connection with the attack.

Former Equifax software development manager Sudhakar Reddy Bonthu, 44, was arraigned in US District Court in Atlanta this week. Bonthu allegedly using his inside knowledge of the 2017 data breach before it was made public and purchased so-called "put" stock options that allowed him to earn more than $75,000 in profit when the announcement was made and Equifax's stock dropped.

Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach.

Read more here

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Page 1 / 2   >   >>
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/29/2018 | 1:55:02 PM
Not Surprising
This is not surprising to me in the least. I would be surprised however if it was to be the last person charged in light of the Equifax breach.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/29/2018 | 2:00:27 PM
Best Practice?
Can someone explain to me what is best practice in these scenarios? I find it somewhat confusing. If someone inadvertently told you that your investments were going to plummet unless you dropped them due to an event with the company are you suppose to just steer your boat into the iceberg? 

This is a cynical representation of it of course but seriously I can't fathom being in that position and would like someone who is better versed legally to shed some light on the matter.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:44:16 PM
Fallout
Fallout from the epic Equifax data breach just keeps coming For me it it is better to focus on why these type of massive attacks happenin the first place and the focus on what people did wrong once it happened. We have no clue what went wrong.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:45:09 PM
Re: Not Surprising
I would be surprised however if it was to be the last person charged in light of the Equifax breach. I would agree. But these are mistakes after the mistakes, not root course of the problem they are in.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:46:42 PM
Re: Best Practice?
Can someone explain to me what is best practice in these scenarios? I think this is a good question. I am not sure if thee is a best practice in this case.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:48:04 PM
Re: Best Practice?
This is a cynical representation of it of course but seriously I can't fathom being in that position and would like someone who is better versed legally to shed some light on the matter. I would say this would depend on circumstances of the case, each case would be different, mainly around intention.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:49:49 PM
CIO
Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach Charges on insider trading? How about not securing the network as it should be, so no charge on that!
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:08:11 AM
Re: Best Practice?
First, he didn't sell stock he already owned to avoid the decrease in value. He purposefully purchased PUT options. Meaning he placed a bet the stock would drop, and when it did he cashed in. Second, google insider trading wiki. Best practice doesn't mean anything here, there are specific laws that say what you are NOT ALLOWED to do. And yes, you could be stuck knowing your stock is about to become worthless, and you can't legally sell it before the news breaks, or warn others to do so.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:16:24 AM
Re: CIO
Come on, reality check. If we charged every CIO who oversaw a network that wasn't 100% secure, and/or patched.... you'd be charging EVERY CIO. Drop down to 90% secure/patched and you'd only have to charge 90% of CIO's, etc. Veracode publicly said they saw 90% of their customers STILL had systems with the same Apache Struts app unpatched six months after Equifax. Not making excuses for them, but being outraged doesnt change reality.... every company has similar issues, and everyone's data was already stolen.
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Moderator
6/30/2018 | 2:26:14 PM
Re: Best Practice?
I think that the problem is that there is no defined best practice with regard to securing the data.  The comment that I heard from someone at the FBI was that if they published a best practice or good practice document, people might hold them to it and use the document to avoid legal penalty.  I was somewhat incredulout about this answer since it meant that lack of a "good practices" document made it almost impossible to bring a legal charge against the firm.

Insider trading is a different matter in the law more clearly specifies what constitutes a breach of the law.  It is therefore much easier to bring criminal charges and obtain a guilty verdict.
Page 1 / 2   >   >>
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Can Your Patching Strategy Keep Up with the Demands of Open Source?
Tim Mackey, Principal Security Strategist, CyRC, at Synopsys,  6/18/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12881
PUBLISHED: 2019-06-18
i915_gem_userptr_get_pages in drivers/gpu/drm/i915/i915_gem_userptr.c in the Linux kernel 4.15.0 on Ubuntu 18.04.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) or possibly have unspecified other impact via crafted ioctl calls to /dev/dri/card0.
CVE-2019-3953
PUBLISHED: 2019-06-18
Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.0 allows a remote, unauthenticated attacker to execute arbitrary code by sending a crafted IOCTL 10012 RPC call.
CVE-2019-12133
PUBLISHED: 2019-06-18
Multiple Zoho ManageEngine products suffer from local privilege escalation due to improper permissions for the %SYSTEMDRIVE%\ManageEngine directory and its sub-folders. Moreover, the services associated with said products try to execute binaries such as sc.exe from the current directory upon system ...
CVE-2019-12592
PUBLISHED: 2019-06-18
A universal Cross-site scripting (UXSS) vulnerability in the Evernote Web Clipper extension before 7.11.1 for Chrome allows remote attackers to run arbitrary web script or HTML in the context of any loaded 3rd-party IFrame.
CVE-2017-8328
PUBLISHED: 2019-06-18
An issue was discovered on Securifi Almond, Almond+, and Almond 2015 devices with firmware AL-R096. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross site request forgery prot...